| Message ID | 1459344045-21602-1-git-send-email-jarkko.sakkinen@linux.intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Wed, Mar 30, 2016 at 04:20:45PM +0300, Jarkko Sakkinen wrote: > Self-test functions construct PCR read calls by ad hoc, which is only a > waste space. Use instead tpm_pcr_read_dev (renamed as tpm1_pcr_read() by > this commit) in tpm_do_selftest and tpm2_pcr_read() in > tpm2_do_selftest() functions in order to remove the duplicate code. > > Patch can be tested easily tested by running the a kernel with this > patch compiled in since self-test is done when the a device driver > initializes. This is now fixed version (I forgot to squash one fixup to the previous version). This could use peer test preferably with a FIFO device. It is easy as one only needs to load the driver and see that there are no errors in dmesg from self-additions. As an additional measure on a TPM 1.x device outputting 'pcrs' file could be a good idea. /Jarkko > Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> > --- > drivers/char/tpm/tpm-interface.c | 14 +++++--------- > drivers/char/tpm/tpm-sysfs.c | 2 +- > drivers/char/tpm/tpm.h | 2 +- > drivers/char/tpm/tpm2-cmd.c | 14 ++------------ > 4 files changed, 9 insertions(+), 23 deletions(-) > > diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c > index 5397b64..0c8140f 100644 > --- a/drivers/char/tpm/tpm-interface.c > +++ b/drivers/char/tpm/tpm-interface.c > @@ -1,6 +1,6 @@ > /* > * Copyright (C) 2004 IBM Corporation > - * Copyright (C) 2014 Intel Corporation > + * Copyright (C) 2014, 2016 Intel Corporation > * > * Authors: > * Leendert van Doorn <leendert@watson.ibm.com> > @@ -666,7 +666,7 @@ static struct tpm_input_header pcrread_header = { > .ordinal = TPM_ORDINAL_PCRREAD > }; > > -int tpm_pcr_read_dev(struct tpm_chip *chip, int pcr_idx, u8 *res_buf) > +int tpm1_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf) > { > int rc; > struct tpm_cmd_t cmd; > @@ -676,7 +676,7 @@ int tpm_pcr_read_dev(struct tpm_chip *chip, int pcr_idx, u8 *res_buf) > rc = tpm_transmit_cmd(chip, &cmd, READ_PCR_RESULT_SIZE, > "attempting to read a pcr value"); > > - if (rc == 0) > + if (rc == 0 && res_buf) > memcpy(res_buf, cmd.params.pcrread_out.pcr_result, > TPM_DIGEST_SIZE); > return rc; > @@ -728,7 +728,7 @@ int tpm_pcr_read(u32 chip_num, int pcr_idx, u8 *res_buf) > if (chip->flags & TPM_CHIP_FLAG_TPM2) > rc = tpm2_pcr_read(chip, pcr_idx, res_buf); > else > - rc = tpm_pcr_read_dev(chip, pcr_idx, res_buf); > + rc = tpm1_pcr_read(chip, pcr_idx, res_buf); > tpm_put_ops(chip); > return rc; > } > @@ -793,7 +793,6 @@ int tpm_do_selftest(struct tpm_chip *chip) > unsigned int loops; > unsigned int delay_msec = 100; > unsigned long duration; > - struct tpm_cmd_t cmd; > > duration = tpm_calc_ordinal_duration(chip, TPM_ORD_CONTINUE_SELFTEST); > > @@ -808,9 +807,7 @@ int tpm_do_selftest(struct tpm_chip *chip) > > do { > /* Attempt to read a PCR value */ > - cmd.header.in = pcrread_header; > - cmd.params.pcrread_in.pcr_idx = cpu_to_be32(0); > - rc = tpm_transmit(chip, (u8 *) &cmd, READ_PCR_RESULT_SIZE); > + rc = tpm1_pcr_read(chip, 0, NULL); > /* Some buggy TPMs will not respond to tpm_tis_ready() for > * around 300ms while the self test is ongoing, keep trying > * until the self test duration expires. */ > @@ -825,7 +822,6 @@ int tpm_do_selftest(struct tpm_chip *chip) > if (rc < TPM_HEADER_SIZE) > return -EFAULT; > > - rc = be32_to_cpu(cmd.header.out.return_code); > if (rc == TPM_ERR_DISABLED || rc == TPM_ERR_DEACTIVATED) { > dev_info(&chip->dev, > "TPM is disabled/deactivated (0x%X)\n", rc); > diff --git a/drivers/char/tpm/tpm-sysfs.c b/drivers/char/tpm/tpm-sysfs.c > index 34e7fc7..48e30bd 100644 > --- a/drivers/char/tpm/tpm-sysfs.c > +++ b/drivers/char/tpm/tpm-sysfs.c > @@ -101,7 +101,7 @@ static ssize_t pcrs_show(struct device *dev, struct device_attribute *attr, > > num_pcrs = be32_to_cpu(cap.num_pcrs); > for (i = 0; i < num_pcrs; i++) { > - rc = tpm_pcr_read_dev(chip, i, digest); > + rc = tpm1_pcr_read(chip, i, digest); > if (rc) > break; > str += sprintf(str, "PCR-%02d: ", i); > diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h > index cd780c7..89740db 100644 > --- a/drivers/char/tpm/tpm.h > +++ b/drivers/char/tpm/tpm.h > @@ -511,7 +511,7 @@ extern void tpm_chip_unregister(struct tpm_chip *chip); > int tpm_sysfs_add_device(struct tpm_chip *chip); > void tpm_sysfs_del_device(struct tpm_chip *chip); > > -int tpm_pcr_read_dev(struct tpm_chip *chip, int pcr_idx, u8 *res_buf); > +int tpm1_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf); > > #ifdef CONFIG_ACPI > extern void tpm_add_ppi(struct tpm_chip *chip); > diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c > index 5fc0e7c..afe8d47 100644 > --- a/drivers/char/tpm/tpm2-cmd.c > +++ b/drivers/char/tpm/tpm2-cmd.c > @@ -284,7 +284,7 @@ int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf) > > rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), > "attempting to read a pcr value"); > - if (rc == 0) { > + if (rc == 0 && res_buf) { > buf = cmd.params.pcrread_out.digest; > memcpy(res_buf, buf, TPM_DIGEST_SIZE); > } > @@ -861,7 +861,6 @@ int tpm2_do_selftest(struct tpm_chip *chip) > unsigned int loops; > unsigned int delay_msec = 100; > unsigned long duration; > - struct tpm2_cmd cmd; > int i; > > duration = tpm2_calc_ordinal_duration(chip, TPM2_CC_SELF_TEST); > @@ -874,19 +873,10 @@ int tpm2_do_selftest(struct tpm_chip *chip) > > for (i = 0; i < loops; i++) { > /* Attempt to read a PCR value */ > - cmd.header.in = tpm2_pcrread_header; > - cmd.params.pcrread_in.pcr_selects_cnt = cpu_to_be32(1); > - cmd.params.pcrread_in.hash_alg = cpu_to_be16(TPM2_ALG_SHA1); > - cmd.params.pcrread_in.pcr_select_size = TPM2_PCR_SELECT_MIN; > - cmd.params.pcrread_in.pcr_select[0] = 0x01; > - cmd.params.pcrread_in.pcr_select[1] = 0x00; > - cmd.params.pcrread_in.pcr_select[2] = 0x00; > - > - rc = tpm_transmit_cmd(chip, (u8 *) &cmd, sizeof(cmd), NULL); > + rc = tpm2_pcr_read(chip, 0, NULL); > if (rc < 0) > break; > > - rc = be32_to_cpu(cmd.header.out.return_code); > if (rc != TPM2_RC_TESTING) > break; > > -- > 1.9.1 > ------------------------------------------------------------------------------ Transform Data into Opportunity. Accelerate data analysis in your applications with Intel Data Analytics Acceleration Library. Click to learn more. http://pubads.g.doubleclick.net/gampad/clk?id=278785471&iu=/4140
On Wed, Mar 30, 2016 at 04:20:45PM +0300, Jarkko Sakkinen wrote: > - rc = be32_to_cpu(cmd.header.out.return_code); > if (rc == TPM_ERR_DISABLED || rc == TPM_ERR_DEACTIVATED) { This line is the entire reason it is open coded, I see it being removed, but I don't see how the functionality is maintained? Jason ------------------------------------------------------------------------------ Transform Data into Opportunity. Accelerate data analysis in your applications with Intel Data Analytics Acceleration Library. Click to learn more. http://pubads.g.doubleclick.net/gampad/clk?id=278785471&iu=/4140
On Wed, Mar 30, 2016 at 11:46:23PM -0600, Jason Gunthorpe wrote: > On Wed, Mar 30, 2016 at 04:20:45PM +0300, Jarkko Sakkinen wrote: > > > - rc = be32_to_cpu(cmd.header.out.return_code); > > if (rc == TPM_ERR_DISABLED || rc == TPM_ERR_DEACTIVATED) { > > This line is the entire reason it is open coded, I see it being > removed, but I don't see how the functionality is maintained? When tpm_trance_cmd() returns a positive number it is the TPM error code that it returns. tpm_pcr_read() does pass through whatever tpm_trace_cmd() returns so the above condition should still work as expected. > Jason /Jarkko ------------------------------------------------------------------------------ Transform Data into Opportunity. Accelerate data analysis in your applications with Intel Data Analytics Acceleration Library. Click to learn more. http://pubads.g.doubleclick.net/gampad/clk?id=278785471&iu=/4140
On Thu, Mar 31, 2016 at 09:37:56AM +0300, Jarkko Sakkinen wrote: > On Wed, Mar 30, 2016 at 11:46:23PM -0600, Jason Gunthorpe wrote: > > On Wed, Mar 30, 2016 at 04:20:45PM +0300, Jarkko Sakkinen wrote: > > > > > - rc = be32_to_cpu(cmd.header.out.return_code); > > > if (rc == TPM_ERR_DISABLED || rc == TPM_ERR_DEACTIVATED) { > > > > This line is the entire reason it is open coded, I see it being > > removed, but I don't see how the functionality is maintained? > > When tpm_trance_cmd() returns a positive number it is the TPM error code > that it returns. tpm_pcr_read() does pass through whatever > tpm_trace_cmd() returns so the above condition should still work as > expected. Okay, everything looks fine to me Jason ------------------------------------------------------------------------------ Transform Data into Opportunity. Accelerate data analysis in your applications with Intel Data Analytics Acceleration Library. Click to learn more. http://pubads.g.doubleclick.net/gampad/clk?id=278785471&iu=/4140
On Fri, Apr 01, 2016 at 09:16:15PM -0600, Jason Gunthorpe wrote: > On Thu, Mar 31, 2016 at 09:37:56AM +0300, Jarkko Sakkinen wrote: > > On Wed, Mar 30, 2016 at 11:46:23PM -0600, Jason Gunthorpe wrote: > > > On Wed, Mar 30, 2016 at 04:20:45PM +0300, Jarkko Sakkinen wrote: > > > > > > > - rc = be32_to_cpu(cmd.header.out.return_code); > > > > if (rc == TPM_ERR_DISABLED || rc == TPM_ERR_DEACTIVATED) { > > > > > > This line is the entire reason it is open coded, I see it being > > > removed, but I don't see how the functionality is maintained? > > > > When tpm_trance_cmd() returns a positive number it is the TPM error code > > that it returns. tpm_pcr_read() does pass through whatever > > tpm_trace_cmd() returns so the above condition should still work as > > expected. > > Okay, everything looks fine to me I applied this to http://git.infradead.org/users/jjs/linux-tpmdd.git in order to get exposure (tested-by's are always welcome). > Jason /Jarkko ------------------------------------------------------------------------------
Hi Jarkko,
I think there is a bug in the current version of this patch.
tpm1_pcr_read returns TPM status code (>= 0)
In tpm_do_selftest, after tpm1_pcr_read, rc is compared with
TPM_HEADER_SIZE.
In short:
"if (rc == TPM_ERR_DISABLED || rc == TPM_ERR_DEACTIVATED) {" is never
reached because TPM_ERR_DISABLED(0x7) and TPM_ERR_DEACTIVATED(0x6) are <
TPM_HEADER size.
TPM_HEADER_SIZE beeing already checked in tpm_transmit_cmd, i think a
reasonable fix will be to remove:
if (rc < TPM_HEADER_SIZE)
return -EFAULT;
in tpm_do_self_test.
Can you merge this fix into the current patch or do you want me to send it
to you ?
Best Regards
Christophe
2016-04-05 11:42 GMT+02:00 Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
:
> On Fri, Apr 01, 2016 at 09:16:15PM -0600, Jason Gunthorpe wrote:
> > On Thu, Mar 31, 2016 at 09:37:56AM +0300, Jarkko Sakkinen wrote:
> > > On Wed, Mar 30, 2016 at 11:46:23PM -0600, Jason Gunthorpe wrote:
> > > > On Wed, Mar 30, 2016 at 04:20:45PM +0300, Jarkko Sakkinen wrote:
> > > >
> > > > > - rc = be32_to_cpu(cmd.header.out.return_code);
> > > > > if (rc == TPM_ERR_DISABLED || rc ==
> TPM_ERR_DEACTIVATED) {
> > > >
> > > > This line is the entire reason it is open coded, I see it being
> > > > removed, but I don't see how the functionality is maintained?
> > >
> > > When tpm_trance_cmd() returns a positive number it is the TPM error
> code
> > > that it returns. tpm_pcr_read() does pass through whatever
> > > tpm_trace_cmd() returns so the above condition should still work as
> > > expected.
> >
> > Okay, everything looks fine to me
>
> I applied this to http://git.infradead.org/users/jjs/linux-tpmdd.git in
> order to get exposure (tested-by's are always welcome).
>
> > Jason
>
> /Jarkko
>
------------------------------------------------------------------------------
On Wed, Apr 06, 2016 at 04:03:52PM +0200, Christophe Ricard wrote: > Hi Jarkko, > > I think there is a bug in the current version of this patch. > tpm1_pcr_read returns TPM status code (>= 0) > > In tpm_do_selftest, after tpm1_pcr_read, rc is compared with > TPM_HEADER_SIZE. > > In short: > "if (rc == TPM_ERR_DISABLED || rc == TPM_ERR_DEACTIVATED) {" is never > reached because TPM_ERR_DISABLED(0x7) and TPM_ERR_DEACTIVATED(0x6) are < > TPM_HEADER size. > TPM_HEADER_SIZE beeing already checked in tpm_transmit_cmd, i think a > reasonable fix will be to remove: > if (rc < TPM_HEADER_SIZE) > Â Â Â Â Â Â return -EFAULT; > > in tpm_do_self_test. > > Can you merge this fix into the current patch or do you want me to send it > to you ? This is my bad and thanks for catching this. I tested the patch but for some reason the patch that I sent to LKML does not have this check removed. The check can be safely removed because the same check is done internally by tpm_transmit(). For now I removed the patch from my master branch since there is a crash that I'm debugging and this is low priority change. I'll include this change among couple of other patches to a patches to a patch set that unifies all parts to call tpm_transmit_cmd() later on. Thanks again for spotting this! /Jarkko > Best Regards > Christophe > 2016-04-05 11:42 GMT+02:00 Jarkko Sakkinen > <jarkko.sakkinen@linux.intel.com>: > > On Fri, Apr 01, 2016 at 09:16:15PM -0600, Jason Gunthorpe wrote: > > On Thu, Mar 31, 2016 at 09:37:56AM +0300, Jarkko Sakkinen wrote: > > > On Wed, Mar 30, 2016 at 11:46:23PM -0600, Jason Gunthorpe wrote: > > > > On Wed, Mar 30, 2016 at 04:20:45PM +0300, Jarkko Sakkinen wrote: > > > > > > > > > -Â Â Â Â Â Â Â Â rc = > be32_to_cpu(cmd.header.out.return_code); > > > > >Â Â Â Â Â Â Â Â Â if (rc == TPM_ERR_DISABLED || rc == > TPM_ERR_DEACTIVATED) { > > > > > > > > This line is the entire reason it is open coded, I see it being > > > > removed, but I don't see how the functionality is maintained? > > > > > > When tpm_trance_cmd() returns a positive number it is the TPM error > code > > > that it returns. tpm_pcr_read() does pass through whatever > > > tpm_trace_cmd() returns so the above condition should still work as > > > expected. > > > > Okay, everything looks fine to me > > I applied this to http://git.infradead.org/users/jjs/linux-tpmdd.git in > order to get exposure (tested-by's are always welcome). > > > Jason > /Jarkko ------------------------------------------------------------------------------
diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c index 5397b64..0c8140f 100644 --- a/drivers/char/tpm/tpm-interface.c +++ b/drivers/char/tpm/tpm-interface.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2004 IBM Corporation - * Copyright (C) 2014 Intel Corporation + * Copyright (C) 2014, 2016 Intel Corporation * * Authors: * Leendert van Doorn <leendert@watson.ibm.com> @@ -666,7 +666,7 @@ static struct tpm_input_header pcrread_header = { .ordinal = TPM_ORDINAL_PCRREAD }; -int tpm_pcr_read_dev(struct tpm_chip *chip, int pcr_idx, u8 *res_buf) +int tpm1_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf) { int rc; struct tpm_cmd_t cmd; @@ -676,7 +676,7 @@ int tpm_pcr_read_dev(struct tpm_chip *chip, int pcr_idx, u8 *res_buf) rc = tpm_transmit_cmd(chip, &cmd, READ_PCR_RESULT_SIZE, "attempting to read a pcr value"); - if (rc == 0) + if (rc == 0 && res_buf) memcpy(res_buf, cmd.params.pcrread_out.pcr_result, TPM_DIGEST_SIZE); return rc; @@ -728,7 +728,7 @@ int tpm_pcr_read(u32 chip_num, int pcr_idx, u8 *res_buf) if (chip->flags & TPM_CHIP_FLAG_TPM2) rc = tpm2_pcr_read(chip, pcr_idx, res_buf); else - rc = tpm_pcr_read_dev(chip, pcr_idx, res_buf); + rc = tpm1_pcr_read(chip, pcr_idx, res_buf); tpm_put_ops(chip); return rc; } @@ -793,7 +793,6 @@ int tpm_do_selftest(struct tpm_chip *chip) unsigned int loops; unsigned int delay_msec = 100; unsigned long duration; - struct tpm_cmd_t cmd; duration = tpm_calc_ordinal_duration(chip, TPM_ORD_CONTINUE_SELFTEST); @@ -808,9 +807,7 @@ int tpm_do_selftest(struct tpm_chip *chip) do { /* Attempt to read a PCR value */ - cmd.header.in = pcrread_header; - cmd.params.pcrread_in.pcr_idx = cpu_to_be32(0); - rc = tpm_transmit(chip, (u8 *) &cmd, READ_PCR_RESULT_SIZE); + rc = tpm1_pcr_read(chip, 0, NULL); /* Some buggy TPMs will not respond to tpm_tis_ready() for * around 300ms while the self test is ongoing, keep trying * until the self test duration expires. */ @@ -825,7 +822,6 @@ int tpm_do_selftest(struct tpm_chip *chip) if (rc < TPM_HEADER_SIZE) return -EFAULT; - rc = be32_to_cpu(cmd.header.out.return_code); if (rc == TPM_ERR_DISABLED || rc == TPM_ERR_DEACTIVATED) { dev_info(&chip->dev, "TPM is disabled/deactivated (0x%X)\n", rc); diff --git a/drivers/char/tpm/tpm-sysfs.c b/drivers/char/tpm/tpm-sysfs.c index 34e7fc7..48e30bd 100644 --- a/drivers/char/tpm/tpm-sysfs.c +++ b/drivers/char/tpm/tpm-sysfs.c @@ -101,7 +101,7 @@ static ssize_t pcrs_show(struct device *dev, struct device_attribute *attr, num_pcrs = be32_to_cpu(cap.num_pcrs); for (i = 0; i < num_pcrs; i++) { - rc = tpm_pcr_read_dev(chip, i, digest); + rc = tpm1_pcr_read(chip, i, digest); if (rc) break; str += sprintf(str, "PCR-%02d: ", i); diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h index cd780c7..89740db 100644 --- a/drivers/char/tpm/tpm.h +++ b/drivers/char/tpm/tpm.h @@ -511,7 +511,7 @@ extern void tpm_chip_unregister(struct tpm_chip *chip); int tpm_sysfs_add_device(struct tpm_chip *chip); void tpm_sysfs_del_device(struct tpm_chip *chip); -int tpm_pcr_read_dev(struct tpm_chip *chip, int pcr_idx, u8 *res_buf); +int tpm1_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf); #ifdef CONFIG_ACPI extern void tpm_add_ppi(struct tpm_chip *chip); diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c index 5fc0e7c..afe8d47 100644 --- a/drivers/char/tpm/tpm2-cmd.c +++ b/drivers/char/tpm/tpm2-cmd.c @@ -284,7 +284,7 @@ int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf) rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), "attempting to read a pcr value"); - if (rc == 0) { + if (rc == 0 && res_buf) { buf = cmd.params.pcrread_out.digest; memcpy(res_buf, buf, TPM_DIGEST_SIZE); } @@ -861,7 +861,6 @@ int tpm2_do_selftest(struct tpm_chip *chip) unsigned int loops; unsigned int delay_msec = 100; unsigned long duration; - struct tpm2_cmd cmd; int i; duration = tpm2_calc_ordinal_duration(chip, TPM2_CC_SELF_TEST); @@ -874,19 +873,10 @@ int tpm2_do_selftest(struct tpm_chip *chip) for (i = 0; i < loops; i++) { /* Attempt to read a PCR value */ - cmd.header.in = tpm2_pcrread_header; - cmd.params.pcrread_in.pcr_selects_cnt = cpu_to_be32(1); - cmd.params.pcrread_in.hash_alg = cpu_to_be16(TPM2_ALG_SHA1); - cmd.params.pcrread_in.pcr_select_size = TPM2_PCR_SELECT_MIN; - cmd.params.pcrread_in.pcr_select[0] = 0x01; - cmd.params.pcrread_in.pcr_select[1] = 0x00; - cmd.params.pcrread_in.pcr_select[2] = 0x00; - - rc = tpm_transmit_cmd(chip, (u8 *) &cmd, sizeof(cmd), NULL); + rc = tpm2_pcr_read(chip, 0, NULL); if (rc < 0) break; - rc = be32_to_cpu(cmd.header.out.return_code); if (rc != TPM2_RC_TESTING) break;
Self-test functions construct PCR read calls by ad hoc, which is only a waste space. Use instead tpm_pcr_read_dev (renamed as tpm1_pcr_read() by this commit) in tpm_do_selftest and tpm2_pcr_read() in tpm2_do_selftest() functions in order to remove the duplicate code. Patch can be tested easily tested by running the a kernel with this patch compiled in since self-test is done when the a device driver initializes. Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> --- drivers/char/tpm/tpm-interface.c | 14 +++++--------- drivers/char/tpm/tpm-sysfs.c | 2 +- drivers/char/tpm/tpm.h | 2 +- drivers/char/tpm/tpm2-cmd.c | 14 ++------------ 4 files changed, 9 insertions(+), 23 deletions(-)